[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 57.982860][ T26] audit: type=1800 audit(1568169523.326:25): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.022895][ T26] audit: type=1800 audit(1568169523.326:26): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.064343][ T26] audit: type=1800 audit(1568169523.326:27): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts. 2019/09/11 02:38:53 fuzzer started 2019/09/11 02:38:54 dialing manager at 10.128.0.26:45905 2019/09/11 02:38:54 syscalls: 2487 2019/09/11 02:38:54 code coverage: enabled 2019/09/11 02:38:54 comparison tracing: enabled 2019/09/11 02:38:54 extra coverage: extra coverage is not supported by the kernel 2019/09/11 02:38:54 setuid sandbox: enabled 2019/09/11 02:38:54 namespace sandbox: enabled 2019/09/11 02:38:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/11 02:38:54 fault injection: enabled 2019/09/11 02:38:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/11 02:38:54 net packet injection: enabled 2019/09/11 02:38:54 net device setup: enabled 02:41:45 executing program 0: faccessat(0xffffffffffffffff, 0x0, 0x0, 0x800) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='status\x00B#g9\xc1m\x17\xf9\r\xc2#\"\xc9O\x135 x^\x91\xea\x85\xae\x10|\xc3\x81\x98\x19\xc2cT\v\x1d\xe1\xba \x1em\xe4\xb7ZP\x11P\x91\xee\xd50\xaaH.6YF\x01\xce\xb5\xd1i\xc5\xba\xf4\x1b5\xd8\xa5\xa0\x9a\x82If\x13\xd8`#\x86[W\xef&\x9f\x90\xd3\x04\x96\x9fh}\xf5;a\x1b@\xa4B\x91\xb5\xa8\x82 \x8f\xbb\x83^T\xa4\x13\x10\xa3\xb4\x81\xd5\xbd\xbb\t\x81t)\t\xa6;|\xd1\xa1\x8d@^[\x01\x1b\xfb\xe5\xa4\xd5\xbf)\x94G\xe4\xc0\xddKc\xa3g!\x1c\x00x#\x8bP\x9daA\x00\xd3KU\x84\xaa;<\xb9\xb9\x9en_\x84q\x92\x94\xd4\x1b\'\x11|G\xfbO++\xe4u\xeb%\xd5\x01\x00\x00\x00\xcf\x84\"\xca\xdeW\f\b{\x03\xf6\xb1\x81\x8b\xc9pw\xdb#,I\xee\x06\xd1\xad\xd2_\xa7\xf7U\xe1\x00O\xbc\x01\x93K\xc7\x99[\xf2\x87\x97\x86;\xbb\xca\xc0\x1c\xe05\xf6n\xc3\xa9\x83{xe\xdd\xc1\xe3!\xccS^\x9b\xc5\xe7\b\xad\xce') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setgroups(0x54b, &(0x7f0000000180)) pread64(r0, 0x0, 0x0, 0x0) 02:41:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$reiserfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x220500d, 0x0) syzkaller login: [ 240.535791][ T8856] IPVS: ftp: loaded support on port[0] = 21 [ 240.681923][ T8856] chnl_net:caif_netlink_parms(): no params data found [ 240.776532][ T8859] IPVS: ftp: loaded support on port[0] = 21 [ 240.786351][ T8856] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.794266][ T8856] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.803148][ T8856] device bridge_slave_0 entered promiscuous mode [ 240.817018][ T8856] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.825710][ T8856] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.833723][ T8856] device bridge_slave_1 entered promiscuous mode 02:41:46 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in=@broadcast, 0x0, 0x32}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0xf0}}]}, 0x13c}}, 0x0) [ 240.888391][ T8856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.913808][ T8856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.970514][ T8856] team0: Port device team_slave_0 added [ 241.010100][ T8856] team0: Port device team_slave_1 added [ 241.076542][ T8859] chnl_net:caif_netlink_parms(): no params data found 02:41:46 executing program 3: socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)="804000001009594b85c63c1cbd217c1befb0bb7a37993f6570e7e16ce3ec50bfc5ef8a02d2d09d533bdb902162bd8a34bd99f1433849e30002000015c7903df39cd3cec7fd016a7d19f90d050474571be52defa8b3180d89ea2486a44400000000000000000000000000b60ceceb46f90c68c46c5ad8340b1ce369fbab834d586f066b3038584fbf07d6267527b883f5bd4a9e79005018b93dceb15b0500000000000000cb121a0eac58b8ca3bd80eb2f318d9b248a27fa1eaf833f78322", 0xbe}], 0x1}, 0x0) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492191, 0x0) r2 = getpgrp(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, r2) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x38) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) [ 241.127394][ T8856] device hsr_slave_0 entered promiscuous mode [ 241.175800][ T8856] device hsr_slave_1 entered promiscuous mode 02:41:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x9000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$kcm(0x10, 0x2, 0x10) recvmmsg(r1, &(0x7f0000004300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e0000002600050f0012e0713c444d240400fc00100002400a000000053582c137153e370900040002000000d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x100000a}, 0x0) [ 241.403513][ T8864] IPVS: ftp: loaded support on port[0] = 21 [ 241.441779][ T8859] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.460761][ T8862] IPVS: ftp: loaded support on port[0] = 21 [ 241.474268][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.482096][ T8859] device bridge_slave_0 entered promiscuous mode [ 241.507428][ T8859] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.524166][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.532035][ T8859] device bridge_slave_1 entered promiscuous mode [ 241.592311][ T8859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.647053][ T8866] IPVS: ftp: loaded support on port[0] = 21 [ 241.654919][ T8859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.677898][ T8856] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.685077][ T8856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.692911][ T8856] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.700033][ T8856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.728733][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.739818][ T12] bridge0: port 2(bridge_slave_1) entered disabled state 02:41:47 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000029c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000500)=""/246) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x48282) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) [ 241.796983][ T8859] team0: Port device team_slave_0 added [ 241.822806][ T8859] team0: Port device team_slave_1 added [ 241.973088][ T8864] chnl_net:caif_netlink_parms(): no params data found [ 242.007092][ T8859] device hsr_slave_0 entered promiscuous mode [ 242.067223][ T8859] device hsr_slave_1 entered promiscuous mode [ 242.144351][ T8859] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.167033][ T8862] chnl_net:caif_netlink_parms(): no params data found [ 242.198486][ T8856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.211771][ T8870] IPVS: ftp: loaded support on port[0] = 21 [ 242.214949][ T8856] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.273256][ T8864] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.281456][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.291630][ T8864] device bridge_slave_0 entered promiscuous mode [ 242.303597][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.312370][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.339158][ T8864] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.347402][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.357520][ T8864] device bridge_slave_1 entered promiscuous mode [ 242.379312][ T8864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.413557][ T8864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.437889][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.446845][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.455449][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.462494][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.478613][ T8866] chnl_net:caif_netlink_parms(): no params data found [ 242.487895][ T8862] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.495888][ T8862] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.503600][ T8862] device bridge_slave_0 entered promiscuous mode [ 242.515084][ T8864] team0: Port device team_slave_0 added [ 242.526110][ T8864] team0: Port device team_slave_1 added [ 242.552080][ T8862] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.560232][ T8862] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.570766][ T8862] device bridge_slave_1 entered promiscuous mode [ 242.601130][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.612044][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.620870][ T3596] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.628060][ T3596] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.687373][ T8864] device hsr_slave_0 entered promiscuous mode [ 242.724670][ T8864] device hsr_slave_1 entered promiscuous mode [ 242.764259][ T8864] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.792670][ T8862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.816068][ T8856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 242.827958][ T8856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 242.840574][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.852307][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.861164][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.870264][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.879051][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.888003][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.896856][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.905483][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.914619][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.923371][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.932326][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.940501][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.950500][ T8866] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.958894][ T8866] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.966912][ T8866] device bridge_slave_0 entered promiscuous mode [ 242.975486][ T8866] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.982547][ T8866] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.990709][ T8866] device bridge_slave_1 entered promiscuous mode [ 242.999381][ T8862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.072510][ T8862] team0: Port device team_slave_0 added [ 243.080279][ T8862] team0: Port device team_slave_1 added [ 243.089115][ T8856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.098202][ T8866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.160322][ T8870] chnl_net:caif_netlink_parms(): no params data found [ 243.177958][ T8866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.277059][ T8862] device hsr_slave_0 entered promiscuous mode [ 243.324807][ T8862] device hsr_slave_1 entered promiscuous mode [ 243.364243][ T8862] debugfs: Directory 'hsr0' with parent '/' already present! [ 243.378738][ T8870] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.392121][ T8870] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.400791][ T8870] device bridge_slave_0 entered promiscuous mode [ 243.420880][ T8866] team0: Port device team_slave_0 added [ 243.438375][ T8866] team0: Port device team_slave_1 added [ 243.446308][ T8870] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.453398][ T8870] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.466324][ T8870] device bridge_slave_1 entered promiscuous mode [ 243.498170][ T8870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.558143][ T8866] device hsr_slave_0 entered promiscuous mode [ 243.615096][ T8866] device hsr_slave_1 entered promiscuous mode [ 243.654521][ T8866] debugfs: Directory 'hsr0' with parent '/' already present! [ 243.671427][ T8859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.679944][ T8870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 02:41:49 executing program 0: [ 243.716108][ T8859] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.744992][ T8864] 8021q: adding VLAN 0 to HW filter on device bond0 02:41:49 executing program 0: [ 243.786876][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.797454][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:41:49 executing program 0: [ 243.832620][ T8870] team0: Port device team_slave_0 added [ 243.871912][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 02:41:49 executing program 0: [ 243.881428][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 243.901839][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.909004][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.920110][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 243.930168][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 243.938757][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.945875][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.975153][ T8870] team0: Port device team_slave_1 added [ 243.993191][ T8864] 8021q: adding VLAN 0 to HW filter on device team0 02:41:49 executing program 0: [ 244.016871][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.026945][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.041185][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.050603][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 02:41:49 executing program 0: [ 244.060603][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.078826][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.088516][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.108969][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 244.118329][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 244.127200][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.143935][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:41:49 executing program 0: [ 244.175980][ T8862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.188465][ T8859] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 244.201632][ T8859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.245264][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.253258][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.271596][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 244.286726][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.295939][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.304639][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.311692][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.319882][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.329103][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.342543][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.349669][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.371616][ T8862] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.409199][ T8870] device hsr_slave_0 entered promiscuous mode [ 244.464974][ T8870] device hsr_slave_1 entered promiscuous mode [ 244.524404][ T8870] debugfs: Directory 'hsr0' with parent '/' already present! [ 244.535085][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.542993][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.551031][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.558843][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.568544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.577201][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.584414][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.611056][ T8866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.620242][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.628838][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.637815][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.649048][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.658197][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.675400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.683202][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.692404][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.700887][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.707953][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.716179][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.727630][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.736429][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.769878][ T8859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.778342][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.787367][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.800731][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 244.810360][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 244.819353][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.828144][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 244.836622][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.847127][ T8866] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.859613][ T8864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.886444][ T8864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.916247][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.925865][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.935227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.943801][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.952748][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.959836][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.968657][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.976890][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.029391][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.044751][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.053243][ T8878] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.060364][ T8878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.075540][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.084677][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.093034][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.101707][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.110368][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.118692][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.127656][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.136277][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.144555][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.153529][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.163767][ T8878] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.173305][ T8862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.198361][ T8866] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 245.215802][ T8866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.237365][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.246841][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.256540][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.274620][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.293761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.303682][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.342640][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.362850][ T8870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.413325][ T8870] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.440723][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.449406][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.458038][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.490048][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.499475][ T3603] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.507419][ T3603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.533667][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.542744][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.552175][ T3603] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.560293][ T3603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.576712][ T8862] 8021q: adding VLAN 0 to HW filter on device batadv0 02:41:51 executing program 1: [ 245.603563][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.612076][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.622142][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.635617][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.653880][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.662732][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.673110][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.682212][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.691421][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.712886][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.738114][ T8866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.764864][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.773451][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.807671][ T8870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.860343][ T8870] 8021q: adding VLAN 0 to HW filter on device batadv0 02:41:51 executing program 2: 02:41:51 executing program 0: 02:41:51 executing program 4: 02:41:51 executing program 5: 02:41:51 executing program 3: 02:41:51 executing program 1: 02:41:51 executing program 0: 02:41:51 executing program 2: 02:41:51 executing program 4: 02:41:51 executing program 2: 02:41:51 executing program 3: 02:41:51 executing program 4: 02:41:51 executing program 0: 02:41:51 executing program 1: 02:41:52 executing program 5: 02:41:52 executing program 1: 02:41:52 executing program 3: 02:41:52 executing program 0: mknod(&(0x7f00000004c0)='./bus\x00', 0xa88, 0x0) lsetxattr$security_selinux(&(0x7f0000000180)='./bus\x00', &(0x7f0000000240)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:mount_exec_t:s0\x00', 0x22, 0x0) execve(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) 02:41:52 executing program 2: open(0x0, 0x141042, 0x0) getpid() write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x803, 0x200000000000007) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00a\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x4000) 02:41:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000340)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x110, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000440)=ANY=[], 0x208) creat(&(0x7f0000000400)='./file0\x00', 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) 02:41:52 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x3) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000300), 0x8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 02:41:52 executing program 3: [ 246.949972][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.957525][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state 02:41:52 executing program 1: 02:41:52 executing program 3: mmap(&(0x7f000053b000/0x4000)=nil, 0x4000, 0x0, 0x2871, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mincore(&(0x7f0000538000/0x4000)=nil, 0x4000, &(0x7f0000000040)=""/57) 02:41:52 executing program 1: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000580)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x10000005c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) write$P9_RLCREATE(r0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) r2 = socket$inet6(0xa, 0x803, 0x200000000000007) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00a\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000140)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) 02:41:52 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r2 = socket$pppoe(0x18, 0x1, 0x0) ppoll(&(0x7f0000000080)=[{r0}, {r1, 0xb028831f694829e8}, {r2}], 0x3, 0x0, 0x0, 0x0) [ 247.490860][ T9027] kasan: CONFIG_KASAN_INLINE enabled [ 247.509668][ T9027] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 247.548310][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.555772][ T9001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.563220][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.564183][ T9027] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 247.570436][ T9001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.577278][ T9027] CPU: 0 PID: 9027 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 247.577288][ T9027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.577364][ T9027] RIP: 0010:xsk_poll+0x95/0x540 [ 247.577390][ T9027] Code: 80 3c 02 00 0f 85 70 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 bf 03 00 00 [ 247.628157][ T9027] RSP: 0018:ffff8880589df850 EFLAGS: 00010207 [ 247.634240][ T9027] RAX: dffffc0000000000 RBX: ffff8880a3e1e000 RCX: ffffc9000614e000 [ 247.642202][ T9027] RDX: 0000000000000012 RSI: ffffffff859b6684 RDI: 0000000000000096 [ 247.650179][ T9027] RBP: ffff8880589df880 R08: ffff8880589d6480 R09: ffffed10147c3c49 [ 247.658161][ T9027] R10: ffffed10147c3c48 R11: ffff8880a3e1e247 R12: 0000000000000000 [ 247.658734][ T9001] device bridge0 entered promiscuous mode [ 247.666137][ T9027] R13: 0000000000000304 R14: ffff8880a1877080 R15: ffff8880a2af05a0 [ 247.666148][ T9027] FS: 00007f753b749700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 247.666156][ T9027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.666161][ T9027] CR2: 000000002020057f CR3: 00000000a0352000 CR4: 00000000001406f0 [ 247.666170][ T9027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.666176][ T9027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.666181][ T9027] Call Trace: [ 247.666206][ T9027] ? xsk_setsockopt+0x680/0x680 [ 247.666270][ T9027] sock_poll+0x15e/0x480 [ 247.666288][ T9027] ? __sock_recv_wifi_status+0x1d0/0x1d0 [ 247.738034][ T9027] do_sys_poll+0x7c2/0xde0 [ 247.742653][ T9027] ? compat_core_sys_select+0x770/0x770 [ 247.748216][ T9027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.754463][ T9027] ? futex_wait_queue_me+0x3cc/0x590 [ 247.759752][ T9027] ? handle_futex_death.part.0+0x250/0x250 [ 247.765568][ T9027] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 247.771473][ T9027] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 247.777205][ T9027] ? futex_wait+0x482/0x5d0 [ 247.781727][ T9027] ? futex_wait_setup+0x390/0x390 [ 247.786763][ T9027] ? refcount_dec_and_test_checked+0x1b/0x20 [ 247.792753][ T9027] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 247.798663][ T9027] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 247.804395][ T9027] ? poll_initwait+0x180/0x180 [ 247.809181][ T9027] ? set_fd_set.part.0+0x70/0x70 [ 247.814132][ T9027] ? mark_lock+0xc2/0x1220 [ 247.818557][ T9027] ? __kasan_check_read+0x11/0x20 [ 247.823672][ T9027] ? __lock_acquire+0x16f2/0x4a00 [ 247.828707][ T9027] ? __kasan_check_read+0x11/0x20 [ 247.833741][ T9027] ? mark_lock+0xc2/0x1220 [ 247.838162][ T9027] ? do_futex+0x17d/0x1de0 [ 247.842594][ T9027] ? __might_fault+0x12b/0x1e0 [ 247.847370][ T9027] ? find_held_lock+0x35/0x130 [ 247.852143][ T9027] ? __might_fault+0x12b/0x1e0 [ 247.856918][ T9027] ? lock_downgrade+0x920/0x920 [ 247.861785][ T9027] ? __kasan_check_read+0x11/0x20 [ 247.866818][ T9027] ? set_user_sigmask+0x166/0x1e0 [ 247.871850][ T9027] ? sigprocmask+0x2b0/0x2b0 [ 247.876635][ T9027] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.882878][ T9027] ? put_timespec64+0xda/0x140 [ 247.887645][ T9027] ? nsecs_to_jiffies+0x30/0x30 [ 247.892504][ T9027] __x64_sys_ppoll+0x259/0x310 [ 247.897270][ T9027] ? __ia32_sys_poll+0x470/0x470 [ 247.902210][ T9027] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 247.907680][ T9027] ? do_syscall_64+0x26/0x760 [ 247.912402][ T9027] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.918479][ T9027] ? do_syscall_64+0x26/0x760 [ 247.923169][ T9027] ? lockdep_hardirqs_on+0x418/0x5d0 [ 247.928462][ T9027] ? trace_hardirqs_on+0x67/0x240 [ 247.933494][ T9027] do_syscall_64+0xfa/0x760 [ 247.938006][ T9027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.943898][ T9027] RIP: 0033:0x4598e9 [ 247.947791][ T9027] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.967482][ T9027] RSP: 002b:00007f753b748c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 247.975902][ T9027] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 247.983881][ T9027] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000080 [ 247.991859][ T9027] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 247.999836][ T9027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f753b7496d4 [ 248.007819][ T9027] R13: 00000000004c679f R14: 00000000004db8f8 R15: 00000000ffffffff [ 248.015801][ T9027] Modules linked in: 02:41:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, 0x0, 0x0) dup(r1) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r2) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x14) r3 = dup(r0) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0xffffffffffffff3c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r7 = socket$kcm(0x2, 0x1000000000000002, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000000), 0x0) setsockopt$sock_attach_bpf(r7, 0x1, 0x3e, &(0x7f00000002c0)=r6, 0x161) sendmsg$kcm(r7, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r7, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0) [ 248.044173][ T9027] ---[ end trace b70892fa91c9098e ]--- [ 248.053312][ T3892] kobject: 'loop4' (000000004255c113): kobject_uevent_env [ 248.053352][ T3892] kobject: 'loop4' (000000004255c113): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 248.074521][ T26] kauditd_printk_skb: 3 callbacks suppressed 02:41:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106], 0x1f000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003a00)=[{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000840)="456ee7f4b056957bf306bb3faab74787f6d66a8db334c473c4b14984e4da5537c656299b59d90381033cedf79b89f49f2ff80b9d284db8a9265f16715ab9ac8c4b122febc9033a6bd29cfa784e3f5b8c193dccf61a1b47548e2dfbf21954819c507e64b07e75534f015864c660a38b54d1e5475ffd0e4f72ae1c9fff1f99764c8c07d7d2981b651a99ee964e6503f9ceb2ea15e710b2e45945aa5c5086f075ec50bbe9046829a4755d957447eb12174c109f4c64137311a286a14327739d61c439ecc3acfb3d45088600eb99e34bbffd4136072bcdec7539a3d722b79d32d33a896073ead5a999cc4bf80caf208550da8ad361c2566f1b19d55438a8b9d47e9f645803edd4967d7c25137431580a0e1ecbfa2db7a5fb36ee2b715c50d4761e554c3c84b553dadcdb0397c35cb6a0744c3f6c9779e64b472acfdbddba37c02e4e888a1799efca41ca1cf23e367fdc0156242dfb3dd42712f2218c78953540a0540495eb42fa84ca7261b8b7d92b5a8dda2528a06f329a7b69f81f6454885d1775f9dc0f17eec1eb6db9978058c0234a42533de1aa8c8416a7a786b97abef2c6c380b764b900be41967f6d6877f3c574cf4d6ad8dfa3a2ce526fc86c70d758c80a3fe8eb07484b50fdaa8757146c0064d5199ffa89a55942ecbd28c3373dcec0d5b6de1adfdd3a304bda29e0af16cf014fe76bf4caa47efbdd37843c24b41305e46517f8a321670b047254c24a9f311e4ca5f52797eee02f4e640f5cd8943ea89f4a68282a994ee6a12a82a4f3a066e4f3dedf2510f0c2cfcbed1d4970cfe9f380c93a995add88ffbb9cff5fe15bdc6d20337135aef6e89d045b173c748ad23d47c50c22ac9469a205f8ddcc224d7cc8962a6e229e76bff78f23ab3d9bb4819253304ec4f949351b7ea5e51600dd7cfc466d05793864a66b11cdcf08da116caf95548229aaadc6f0e943a1ff07ba197edf004dad7fd54812cfc37a6081cc7461c54db11b5754f6f2cfaad48ecd1462ad99ef8648e81697beff194a8677ade24cf0dcf17192a40b74dcda5476293a369d73c0ccc62b91c19476f53779669f8cbc510bd16f5df349f35872accb2836cc601583b17b0c16320991a5b57c36e801f6583969a122d533e9b64e4fa93f24543be9d65194f5170f878a794c39422573a06d5451cafbb98a8e1bc4f9cc6af520c47e532afdf0c9f8a1d50fd5a818b5da7bd178375e09447465c217cf49957e98f10941f2c3c7a8cb58ce76552da0996bd214d3af247679529bfa26e707f33c29ced1c0c8c8aa459160ea5a839f4ec00bcb85d0859f6902a67187040c0688b713c3d4c350bffed2bfb91276bb3634485a6d8375ec8fa803a0ba73887a548cdc594f87eded214df1cf60eaee0f28172a2bd8a675ff9e36a90105779799a2479af8259f2ebe9bfe16bbb21b6293ce341b00fa1e2a2585c6e9d35813e35eaf6c2b135b09bce3b11300c19b6321df1da280ffd7a0fe6fb9c458672fb419fdcae8364dd60ff733f2477c171fa7de1186e70ee52af2c8f1307130485a62b45afb501127c288d9491b6e79b468c69f001e817efa0429954cce1e58d4fd142ad220474ad42621c79fce4ce974c2cad273a8ded326383b71691d5d158e6c82501b48cd067d5fb0f4f8bf1538481e88177057d7dd2fa9970c5a22a533454cfdeab964fb2a2d2cfff605349552a0aacd9e4080905af45a88e0e5fc536874c4b2ef42de84b110f198f2988b0667fb2fde1ec516080d6ead80d5b2e66a830c4e05cf050f0694277146abef3702dd1412d2479f74b4b3498e7a22586948c507a5f6bd629b884e99e0fa6bd8a45b0ffba21c8e44df7be18dd8a9bbd73a0609f2914637b0ad31052d98c7274658cf5b166749fea07478cb833eb30169c59752f0f3fafb553bc11eab58eabe8e1cc233c4be509a2dc09bddce78ce5a48a70fb86d0ddb726a29554edf1088db1159e4516166a3caa6090948412d608a68c2a480d32a11197bb3cc320f100f8c055e346c9d19e6cf8a5d6e40a6eab402bef379a0c763e282e4da4cf7a1adfdc2094beb9ed41a5cd292d21ad5a6ffa436550f790ab762c19ce7d5fe294cfd9b7ba4aca41ec0433b071de277f08425c447160e045902f556c526b95232db406d489e5c2cfce4f7a8896f54cf125fad42cc4b583aa94f9c17de4d272cc7761e51cae1573b087e191bb1f496e4e2bb1c55e7fb80a8fcc96f2b97e2d0bcd43114c696dc252cd56add805560c7d75dddd40ec6c57d01d1618dfee3a0e70e70f1236c729c67dc53050c568ec98956c218c9830f445405958cd7a2ae4a9aecae39d734b10b5ba7d054d02eba8f0daa54257f0ef894d5b14c801680a0948f3f561f5124937db03ebba07a0922a062c2b15c01d800bd778f7cc600cd40cbdb6f95032fc4fe1d2c6d2d088e03e3a1665847fcca434a9028a3c09be9442ff3d91deefcc8c64405a2f9edcc81353544c6a92561876f049801c2338b43935650eae9f44f3519bd072c474d778b0dc61dfd9681db734cc86b438f7149e1e162ed6a7ffd3e5fa44800e1abda531c3a575fde822121ffff37c735bfb0cd30095e907848f5d4530eed7201e7a32ca78df0adebdd2b82b1ea787d47a8382470ac8565665bffcf2480fefdc85b16e433d59e57549b58ff6b45c5dbe52ce4f8fbcab82a51d8f0a213355bb4a0640137a866e68ec57b7a87e2920bec11659a629a08de67c112d8ececa654506431c8b4ca1420150c5ac394d3528d5915032fae9b755e5d62816d0a47c0661c80ab533b169bfb0166b83d0dd1", 0x7bf}], 0x1}], 0x1, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 248.074543][ T26] audit: type=1804 audit(1568169713.406:31): pid=8999 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir298494016/syzkaller.lpeGdV/4/file0/file0" dev="sda1" ino=16555 res=1 [ 248.074974][ T3892] kobject: 'loop3' (00000000c79c2eec): kobject_uevent_env 02:41:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getmulticast={0x14, 0x3a, 0xb11}, 0x14}}, 0x0) [ 248.142683][ T9028] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.150090][ T9028] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.157235][ T3892] kobject: 'loop3' (00000000c79c2eec): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 248.180362][ T3892] kobject: 'loop5' (00000000fa50f763): kobject_uevent_env [ 248.192163][ T3892] kobject: 'loop5' (00000000fa50f763): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 248.202575][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.209680][ T9029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.217085][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.224206][ T9029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.231636][ T9029] device bridge0 entered promiscuous mode [ 248.246033][ T9027] RIP: 0010:xsk_poll+0x95/0x540 [ 248.264879][ T9040] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 248.267884][ T9027] Code: 80 3c 02 00 0f 85 70 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 bf 03 00 00 02:41:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, 0x0, 0x0) dup(r1) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r2) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x14) r3 = dup(r0) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0xffffffffffffff3c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r7 = socket$kcm(0x2, 0x1000000000000002, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000000), 0x0) setsockopt$sock_attach_bpf(r7, 0x1, 0x3e, &(0x7f00000002c0)=r6, 0x161) sendmsg$kcm(r7, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r7, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0) [ 248.318948][ T9040] kobject: 'kvm' (00000000c665f174): kobject_uevent_env [ 248.326074][ T26] audit: type=1800 audit(1568169713.666:32): pid=9023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16548 res=0 [ 248.339933][ T3892] kobject: 'loop3' (00000000c79c2eec): kobject_uevent_env [ 248.353698][ T9040] kobject: 'kvm' (00000000c665f174): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 248.357898][ T3892] kobject: 'loop3' (00000000c79c2eec): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 248.394269][ C1] hrtimer: interrupt took 28142 ns [ 248.406553][ T9046] kasan: CONFIG_KASAN_INLINE enabled [ 248.412168][ T9046] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 248.423647][ T9046] general protection fault: 0000 [#2] PREEMPT SMP KASAN [ 248.430624][ T9046] CPU: 0 PID: 9046 Comm: syz-executor.0 Tainted: G D 5.3.0-rc6-next-20190830 #75 [ 248.441128][ T9046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.451244][ T9046] RIP: 0010:xsk_poll+0x95/0x540 [ 248.456112][ T9046] Code: 80 3c 02 00 0f 85 70 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 bf 03 00 00 [ 248.475727][ T9046] RSP: 0018:ffff888058c87850 EFLAGS: 00010207 [ 248.480900][ T9027] RSP: 0018:ffff8880589df850 EFLAGS: 00010207 [ 248.481800][ T9046] RAX: dffffc0000000000 RBX: ffff8880960b3000 RCX: ffffc90006550000 [ 248.481809][ T9046] RDX: 0000000000000012 RSI: ffffffff859b6684 RDI: 0000000000000096 [ 248.481822][ T9046] RBP: ffff888058c87880 R08: ffff888058c7a500 R09: ffffed1012c16649 [ 248.512013][ T9046] R10: ffffed1012c16648 R11: ffff8880960b3247 R12: 0000000000000000 [ 248.519991][ T9046] R13: 0000000000000304 R14: ffff8880a4c8a500 R15: ffff8880946a8a20 [ 248.527956][ T9046] FS: 00007f753b707700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 248.536973][ T9046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.543533][ T9046] CR2: 0000000000625208 CR3: 00000000a0352000 CR4: 00000000001426f0 [ 248.551516][ T9046] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 248.559484][ T9046] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 248.567439][ T9046] Call Trace: [ 248.570724][ T9046] ? xsk_setsockopt+0x680/0x680 [ 248.575564][ T9046] sock_poll+0x15e/0x480 [ 248.579791][ T9046] ? __sock_recv_wifi_status+0x1d0/0x1d0 [ 248.585405][ T9046] do_sys_poll+0x7c2/0xde0 [ 248.590152][ T9046] ? compat_core_sys_select+0x770/0x770 [ 248.595686][ T9046] ? security_file_ioctl+0x77/0xc0 [ 248.600778][ T9046] ? ksys_ioctl+0x57/0xd0 [ 248.605087][ T9046] ? __x64_sys_ioctl+0x73/0xb0 [ 248.609831][ T9046] ? do_syscall_64+0xfa/0x760 [ 248.614501][ T9046] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.620549][ T9046] ? debug_check_no_obj_freed+0x20a/0x43f [ 248.626245][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.631250][ T9046] ? __kasan_check_write+0x14/0x20 [ 248.636341][ T9046] ? lock_downgrade+0x920/0x920 [ 248.641186][ T9046] ? rwlock_bug.part.0+0x90/0x90 [ 248.646118][ T9046] ? debug_check_no_obj_freed+0xc0/0x43f [ 248.651771][ T9046] ? tomoyo_path_number_perm+0x214/0x520 [ 248.657401][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.662421][ T9046] ? poll_initwait+0x180/0x180 [ 248.667175][ T9046] ? set_fd_set.part.0+0x70/0x70 [ 248.672187][ T9046] ? tomoyo_path_number_perm+0x459/0x520 [ 248.677807][ T9046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 248.684031][ T9046] ? kcov_ioctl+0x53/0x200 [ 248.688428][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.694736][ T9046] ? lock_downgrade+0x920/0x920 [ 248.699578][ T9046] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 248.705403][ T9046] ? __might_fault+0x12b/0x1e0 [ 248.710144][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.715146][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.720149][ T9046] ? do_raw_spin_unlock+0x57/0x270 [ 248.725241][ T9046] ? lock_downgrade+0x920/0x920 [ 248.730072][ T9046] ? __might_fault+0xfb/0x1e0 [ 248.734732][ T9046] ? __kasan_check_read+0x11/0x20 [ 248.739745][ T9046] ? set_user_sigmask+0x166/0x1e0 [ 248.744747][ T9046] ? sigprocmask+0x2b0/0x2b0 [ 248.749328][ T9046] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.755577][ T9046] ? put_timespec64+0xda/0x140 [ 248.760335][ T9046] ? nsecs_to_jiffies+0x30/0x30 [ 248.765166][ T9046] __x64_sys_ppoll+0x259/0x310 [ 248.769911][ T9046] ? __ia32_sys_poll+0x470/0x470 [ 248.774829][ T9046] ? __x64_sys_clock_gettime+0x16d/0x240 [ 248.780458][ T9046] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 248.786506][ T9046] ? trace_hardirqs_off_caller+0x65/0x230 [ 248.792202][ T9046] ? trace_hardirqs_on+0x67/0x240 [ 248.797218][ T9046] do_syscall_64+0xfa/0x760 [ 248.801712][ T9046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.807609][ T9046] RIP: 0033:0x4598e9 [ 248.811500][ T9046] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 248.831097][ T9046] RSP: 002b:00007f753b706c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 248.839494][ T9046] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 248.847444][ T9046] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000080 [ 248.855401][ T9046] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 248.863351][ T9046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f753b7076d4 [ 248.871297][ T9046] R13: 00000000004c679f R14: 00000000004db8f8 R15: 00000000ffffffff [ 248.879258][ T9046] Modules linked in: [ 248.884402][ T9028] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.891563][ T9028] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.893102][ T9027] RAX: dffffc0000000000 RBX: ffff8880a3e1e000 RCX: ffffc9000614e000 [ 248.898839][ T9028] device bridge0 left promiscuous mode [ 248.907821][ T9046] ---[ end trace b70892fa91c9098f ]--- [ 248.918278][ T9046] RIP: 0010:xsk_poll+0x95/0x540 [ 248.923188][ T9027] RDX: 0000000000000012 RSI: ffffffff859b6684 RDI: 0000000000000096 [ 248.931433][ T9046] Code: 80 3c 02 00 0f 85 70 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 bf 03 00 00 [ 248.952254][ T3892] kobject: 'loop3' (00000000c79c2eec): kobject_uevent_env [ 248.960455][ T3603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 248.969697][ T9027] RBP: ffff8880589df880 R08: ffff8880589d6480 R09: ffffed10147c3c49 [ 248.978824][ T3892] kobject: 'loop3' (00000000c79c2eec): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 248.989546][ T9027] R10: ffffed10147c3c48 R11: ffff8880a3e1e247 R12: 0000000000000000 [ 249.005782][ T9046] RSP: 0018:ffff8880589df850 EFLAGS: 00010207 [ 249.012004][ T9027] R13: 0000000000000304 R14: ffff8880a1877080 R15: ffff8880a2af05a0 [ 249.020300][ T9046] RAX: dffffc0000000000 RBX: ffff8880a3e1e000 RCX: ffffc9000614e000 [ 249.020308][ T9046] RDX: 0000000000000012 RSI: ffffffff859b6684 RDI: 0000000000000096 [ 249.020325][ T9046] RBP: ffff8880589df880 R08: ffff8880589d6480 R09: ffffed10147c3c49 [ 249.035880][ T9036] kobject: 'kvm' (00000000c665f174): kobject_uevent_env [ 249.050839][ T9046] R10: ffffed10147c3c48 R11: ffff8880a3e1e247 R12: 0000000000000000 [ 249.051701][ T9036] kobject: 'kvm' (00000000c665f174): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 249.061630][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.069262][ T9027] FS: 00007f753b749700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 249.076218][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.095030][ T9027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 249.101783][ T9027] CR2: 0000001b2df27000 CR3: 00000000a0352000 CR4: 00000000001426f0 [ 249.106435][ T9046] R13: 0000000000000304 R14: ffff8880a1877080 R15: ffff8880a2af05a0 [ 249.110050][ T9027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 249.118034][ T8866] kobject: 'loop4' (000000004255c113): kobject_uevent_env [ 249.126308][ T9027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 249.135470][ T8990] device bridge0 left promiscuous mode [ 249.141065][ T9027] Kernel panic - not syncing: Fatal exception [ 249.148686][ T8866] kobject: 'loop4' (000000004255c113): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 249.163849][ T9027] Kernel Offset: disabled [ 249.168229][ T9027] Rebooting in 86400 seconds..